---
layout: docs
page_title: JSON Web Token (JWT) Auth Method
description: >-
  Use the JWT auth method to authenticate to Nomad with a JSON web token and receive an ACL token with privileges based on JWT identity attributes. Learn how to configure the auth method parameters using this reference page and example configuration.
---

# JSON Web Token (JWT) Auth Method

Use the `jwt` auth method to authenticate with Nomad by providing a
[JWT](https://en.wikipedia.org/wiki/JSON_Web_Token) directly. The JWT is
cryptographically verified using locally-provided keys, or, if configured, you may use an
OIDC Discovery service to fetch the appropriate keys.

Refer to [auth-method create] for the parameters required to create a JWT auth-method with a given verification method.

## JWT Verification

Nomad verifies JWT signatures against public keys from the issuer. This
process uses one of these methods:

- **Static Keys** - A set of public keys is stored directly in the
  configuration.

- **JWKS** - Configure a JSON Web Key Set ([JWKS](https://tools.ietf.org/html/rfc7517))
  URL and optional certificate chain. Nomad fetches keys from
  this endpoint during authentication.

- **OIDC Discovery** - Configure an OIDC Discovery URL and optional certificate chain. Nomad fetches keys from this URL during authentication. When you use OIDC Discovery, Nomad applies OIDC validation criteria such as `iss` and `aud`.

If you need multiple methods, create another auth method of this type
with a different name.

@include 'jwt_claim_mapping_details.mdx'

[auth-method create]: /nomad/commands/acl/auth-method/create
